Why Multi-Word Phrases Make Better Passwords Than Gibberish

We’ve always argued that the most secure password is one you don’t even know and is basically incomprehensible. Security expert Thomas Baekdal argues that these incomprehensible passwords — while secure — are not as secure as a more memorable and simple phrase. In other words, “this is fun” is a more secure password than s$yK0d*p!r3l09ls. Here’s why.

Baekdal outlines that the three most common methods of cracking passwords — brute-force, common word and dictionary attacks — are really only useful if a password can be cracked in a reasonable amount of time. If a password can be cracked in a few minutes, it’s not a terribly secure password. If it can be cracked in about a month, that’s still a while but not entirely secure. A year is where you can start feeling secure, but the best passwords take a lifetime to crack. Baekdal states that a gibberish password, like J4fS, will take about 219 years to crack using a brute-force attack (the fastest method). That’s secure for life, but it’s not terribly easy to remember. On the other hand, a phrase like “this is fun” would take about 2537 years to crack using a brute-force attack. It’s not only more secure, but also easier to remember.

This happens because of the spaces, which are special characters (you could use – or ! instead of spaces, if you wanted to). Uncommon words also increase the complexity, so if you want your password to outlive the human race you could use something like “fluffy is puffy”.

Baekdal’s article spurred a lot of debate and plenty of questions, many of which he’s answered. While you are certainly more secure if nobody — not even you — knows your passwords, you still need a master password that you have to remember. If you want a password that’s remarkably easy to remember, this is a great way to get one.

The Usability of Passwords [Baekdal]

